QUESTION 3Case study 1 – Litware IncBackgroundYou are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.Overall architectureEmployees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manager their receipts and perform any additional tasks needed for reimbursement.Receipt processingEmployees may upload receipts in two ways: Uploading using an Azure Files mounted folder Uploading using the web applicationData StorageReceipt and employee information is stored in an Azure SQL database.DocumentationEmployees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.Solution detailsUsers table

Web ApplicationYou enable MSI for the Web App and configure the Web App to use the security principal name.ProcessingProcessing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.RequirementsReceipt processingConcurrent processing of a receipt must be prevented.LoggingAzure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled. Application Insights must always contain all log messages.Disaster recoveryRegional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.Security Users’ SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins. All certificates and secrets used to secure data must be stored in Azure Key Vault. You must adhere to the Least Privilege Principal. All access to Azure Storage and Azure SQL database must use the application’s Managed Service Identity (MSI) Receipt data must always be encrypted at rest. All data must be protected in transit. User’s expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment with the remaining parts obscured. In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.IssuesUpload format issueEmployees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.Capacity issueDuring busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.Log capacity issueDevelopers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.Processing.cs

Database.cs

ReceiptUploader.cs

ConfigureSSE.ps1

Hotspot QuestionYou need to ensure that security requirements are met.What value should be used for the ConnectionString field on line DB03 in the Database class? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.

Answer:

Explanation:Box 1: Integrated Security=SSPIIntegrated security: For all data source types, connect using the current user account.For SqlClient you can use Integrated Security=true; or Integrated Security=SSPI;Scenario: All access to Azure Storage and Azure SQL database must use the application’s Managed Service Identity (MSI)Box 2: Encrypt = TrueScenario: All data must be protected in transit.References:https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/connection-string-syntax

QUESTION 4Case study 1 – Litware IncBackgroundYou are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.Overall architectureEmployees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manager their receipts and perform any additional tasks needed for reimbursement.Receipt processingEmployees may upload receipts in two ways: Uploading using an Azure Files mounted folder Uploading using the web applicationData StorageReceipt and employee information is stored in an Azure SQL database.DocumentationEmployees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.Solution detailsUsers table

Web ApplicationYou enable MSI for the Web App and configure the Web App to use the security principal name.ProcessingProcessing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.RequirementsReceipt processingConcurrent processing of a receipt must be prevented.LoggingAzure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled. Application Insights must always contain all log messages.Disaster recoveryRegional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.Security Users’ SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins. All certificates and secrets used to secure data must be stored in Azure Key Vault. You must adhere to the Least Privilege Principal. All access to Azure Storage and Azure SQL database must use the application’s Managed Service Identity (MSI) Receipt data must always be encrypted at rest. All data must be protected in transit. User’s expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment with the remaining parts obscured. In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.IssuesUpload format issueEmployees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.Capacity issueDuring busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.Log capacity issueDevelopers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.Processing.cs

Database.cs

ReceiptUploader.cs

ConfigureSSE.ps1

Hotspot QuestionYou need to configure retries in the LoadUserDetails function in the Database class without impacting user experience.What code, should you insert on line DB07?To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.

Answer:

Explanation:Box 1: PolicyRetryPolicy retry = Policy.Handle<HttpRequestException>().Retry(3);The above example will create a retry policy which will retry up to three times if an action fails with an exception handled by the Policy.Box 2: WaitAndRetryAsync(3,i => TimeSpan.FromMilliseconds(100* Math.Pow(2,i-1)));A common retry strategy is exponential backoff: this allows for retries to be made initially quickly, but then at progressively longer intervals, to avoid hitting a subsystem with repeated frequent calls if the subsystem may be struggling.Example:Policy.Handle<SomeExceptionType>().WaitAndRetry(3, retryAttempt =>TimeSpan.FromSeconds(Math.Pow(2, retryAttempt)));References:https://github.com/App-vNext/Polly/wiki/Retry

QUESTION 5Case Study 2 – Coho WineryLabelMaker appCoho Winery produces bottles, and distributes a variety of wines globally. You are developer implementing highly scalable and resilient applications to support online order processing by using Azure solutions.Coho Winery has a LabelMaker application that prints labels for wine bottles. The application sends data to several printers. The application consists of five modules that run independently on virtual machines (VMs). Coho Winery plans to move the application to Azure and continue to support label creation.External partners send data to the LabelMaker application to include artwork and text for custom label designs.DataYou identify the following requirements for data management and manipulation: Order data is stored as nonrelational JSON and must be queried using Structured Query Language (SQL). Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.You have the following security requirements: Users of Coho Winery applications must be able to provide access to documents, resources, and applications to external partners. External partners must use their own credentials and authenticate with their organization’s identity management solution. External partner logins must be audited monthly for application use by a user account administrator to maintain company compliance. Storage of e-commerce application settings must be maintained in Azure Key Vault. E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD). Conditional access policies must be applied at the application level to protect company content The LabelMaker applications must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.LabelMaker appAzure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).You must use Azure Container Registry to publish images that support the AKS deployment.

Calls to the Printer API App fail periodically due to printer communication timeouts.Printer communications timeouts occur after 10 seconds. The label printer must only receive up to 5 attempts within one minute.The order workflow fails to run upon initial deployment to Azure.Order json.Relevant portions of the app files are shown below. Line numbers are included for reference only.This JSON file contains a representation of the data for an order that includes a single item.Order .json

You need to troubleshoot the order workflow.What should you do? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. Review the run history.B. Review the activity log.C. Review the API connections.D. Review the trigger history.